Add Custom BGP Script to Icinga Director

Am new to Icinga. I have a requirement to monitor BGP peering status on ASA. I can create Python Netmiko script to connect ASA and get the required output through SSH, how can I integrate this script to Icinga and check this in regular intervals and notify if BGP peering is not Established. Please help me on this if we can achieve output in any other ways through Icinga.

from netmiko import ConnectHandler

Below is the sample Netmiko script:
iosv_l2_s4 = {
‘device_type’: ‘cisco_asa’,
‘ip’: ‘192.168.56.103’,
‘username’: ‘XXX’,
‘password’: ‘XXXX’,
}

net_connect = ConnectHandler(**iosv_l2_s4)
output = net_connect.send_command(‘show bgp neighbor 1.1.1.1 | i BGP state’)
output1 = net_connect.send_command(‘show bgp neighbor 192.1.1.2 | i BGP state’)
print (output+‘neighbor to 1.1.1.1’)

print (output1+‘neighbor to 192.1.1.2’)

Tried check_by_ssh works for ASA, did not work. I have seen it works for Linux devices please can you guide me for Network devices.

We monitor thousands of BGP peer statuses with the following method:

  • a polling script that gets peer information and dumps it into a db. There is also a last_seen column that updates when the poller runs

  • a script for Icinga that pulls the information from the database and makes API calls to Icinga2 to update the status of each peer for all devices

    • this script needs logic to tie the peer to a host. Our database has foreign keys in the bgppeer table that tie back to a device to make the lookup a little easier
    • script submits everything to the Icinga2 api, and gets a 404 if for some reason the peer (or device) is not in Icinga, which is fine in our environment since there is a web frontend to the db to disable a device from monitoring

Since you are using Python, I would suggest looking at the icinga2apic package. If you’re only monitoring a few peers, you may not want to go the route we have in which case you could:

  • use the icinga2apic package or simple python requests to make API calls back to Icinga2 to update the status
  • make your check into a plugin script that Icinga2 can execute and get the status back.

I can’t spell out the step by step solution for you, since you are new and some knowledge of Icinga2 is assumed for this. Below are a few pieces of documentation to help you get started:

Icinga 2 API Python Client
Icinga2APIc

Icinga2 API Documentation
API docs

Nagios plugin exit statuses
Plugin Exit Statuses

  • Implemented in python with exit(status_code) with status code being 0, 1, 2, or 3 in most cases.

If you choose to convert your script into a plugin:
Director Documentation
Icinga2 Docs

You will at least want to gather a basic understanding of how to implement commands, services/apply rules if you choose to do this via a custom check plugin.

Thanks Ben for your help. I was able to run the Python script

1 Like